Abstract

Secret handshake allows a group of authorized users to establish a shared secret key and at the same time authenticate each other anonymously. A straightforward approach to design an unlinkable secret handshake protocol is to use either long-term certificate or one-time certificate provided by a trusted authority. However, how to detect the misusing of certificates by an insider adversary is a challenging security issue when using those approaches for unlinkable secret handshake. In this paper, we propose a novel k-time authenticated secret handshake (k-ASH) protocol where each authorized user is only allowed to use the credential for k times. We formalize security models, including session key security and anonymity, for k-ASH, and prove the security of the proposed protocol under some computational problems which are proved hard in the generic bilinear group model. The proposed protocol also achieved public traceability property if a user misuses the k-time credential.